travel-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to call public MCP provider endpoints (e.g., https://mcp.kiwi.com, https://mcp.skiplagged.com/mcp, https://mcp.trivago.com/mcp, https://mcp.ferryhopper.com/mcp) and to parse and act on their JSON responses as part of its decision and scoring workflow (see SKILL.md and references/*.md), so untrusted third‑party responses can directly influence tool use and next actions.